Firefox 118 Addresses Multiple Security Vulnerabilities

Rohan Timalsina

October 4, 2023 - TuxCare expert team

Released last week, Firefox 118 arrives with the much-anticipated built-in translation feature, which was initially planned for Firefox 117. This new feature allows users to translate website content from one language to another.

Soon after the release, Firefox 118 addressed multiple security vulnerabilities reported by external researchers on September 26, 2023. Among these, six were described as high-severity vulnerabilities by Mozilla. Other patched vulnerabilities include two moderate and one low-severity bug.

Six High-Severity Vulnerabilities Fixed

CVE-2023-5168

FilterNodeD2D1 could receive malicious data from a compromised content process, causing an out-of-bounds write and a potentially exploitable crash in a privileged process. This issue affects Firefox on Windows only; other operating systems are not impacted.

CVE-2023-5169

Malicious data in a PathRecording from a compromised content process could have caused an out-of-bounds write, leading to a potentially exploitable crash in a privileged process.

CVE-2023-5170

Within canvas rendering, a compromised content process might have induced an unexpected alteration in a surface, potentially resulting in a memory leak within a privileged process. This memory leakage could be exploited for a sandbox escape if the specific data required for such an escape was exposed.

CVE-2023-5171

While undergoing Ion compilation, a Garbage Collection event might have led to a use-after-free scenario, granting an attacker the ability to write two NUL bytes and potentially trigger a crash that could be exploited.

CVE-2023-5172

Within the Ion Engine, the mutation of a hashtable could have occurred while a live interior reference was still in place, potentially resulting in a use-after-free situation and a crash that could be exploited.

CVE-2023-5176

Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 contained memory safety vulnerabilities. Some of these vulnerabilities exhibited signs of memory corruption, and it is conceivable that, with sufficient effort, certain ones could have been leveraged to execute arbitrary code.

Critical Vulnerability Fixed in Firefox 118.0.1

Following the above events, Mozilla announced patches for the critical vulnerability CVE-2023-5217 on September 28, 2023. This flaw is in the libvpx library, where specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process.

Final Thoughts

It is crucial to update the Firefox web browser to the latest version to avoid the risks these vulnerabilities pose. The Firefox 118 updates should already be available in your distribution’s stable repositories, and maintaining a regular update schedule is advised to keep your system secure.
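One way to act on this advice across several machines, as an added example (not from the article or from Mozilla): a POSIX shell helper that classifies a `firefox --version` string against the two releases named above, 118 and 118.0.1. The status labels and sample strings are constructed for illustration, and ESR builds are only flagged because the article gives no fixed ESR version.

```sh
#!/bin/sh
# Added example, not TuxCare or Mozilla code. Thresholds come from the article:
# 118 fixes the high-severity set, 118.0.1 fixes CVE-2023-5217 (libvpx).

# Succeeds if dotted version $1 >= $2; missing components count as 0.
version_ge() {
    v1=$1 v2=$2
    for i in 1 2 3; do
        p1=${v1%%.*} p2=${v2%%.*}
        [ "${p1:-0}" -gt "${p2:-0}" ] && return 0
        [ "${p1:-0}" -lt "${p2:-0}" ] && return 1
        # Drop the component just compared; pad with 0 when none remain.
        case $v1 in *.*) v1=${v1#*.} ;; *) v1=0 ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2=0 ;; esac
    done
    return 0
}

# Takes one line as printed by `firefox --version` and prints a status label
# (labels are hypothetical names chosen for this example).
classify_firefox() {
    ver=${1##* }    # last space-separated token, e.g. "118.0.1"
    case $ver in
        *esr) echo "esr-check-advisory"; return ;;   # fixed ESR version not in article
        ''|*[!0-9.]*) echo "unrecognized"; return ;; # beta/nightly or malformed
    esac
    if version_ge "$ver" 118.0.1; then
        echo "patched"
    elif version_ge "$ver" 118; then
        echo "needs-118.0.1"    # still exposed to the libvpx flaw
    else
        echo "needs-118"        # predates the Firefox 118 fixes
    fi
}

# Constructed sample inputs in the format `firefox --version` prints.
for sample in "Mozilla Firefox 117.0.1" "Mozilla Firefox 118.0" \
              "Mozilla Firefox 118.0.1" "Mozilla Firefox 115.2.0esr"; do
    printf '%-28s %s\n' "$sample" "$(classify_firefox "$sample")"
done
```

On a real host, pass the live value with `classify_firefox "$(firefox --version)"`.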

The source for this story is available at Mozilla Foundation Security Advisories.
